Debian Buster Openstack images changelog

10.3.3-20200422

Updates in 3 source package(s), 4 binary package(s):

  Source linux-signed-arm64, binaries: linux-image-4.19.0-8-arm64:arm64

  linux-signed-arm64 (4.19.98+1+deb10u1) buster-security; urgency=high

    * Sign kernel from linux 4.19.98-1+deb10u1
    * [x86] KVM: nVMX: Don't emulate instructions in guest mode (CVE-2020-2732)
    * do_last(): fetch directory ->i_mode and ->i_uid before it's too late (CVE-2020-8428)
    * vfs: fix do_last() regression
    * vhost: Check socket sk_family instead of call getname (CVE-2020-10942)
    * mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (CVE-2020-11565)
    * [s390x] mm: fix page table upgrade vs 2ndary address mode accesses (CVE-2020-11884)

  Source qemu, binaries: qemu-utils:amd64 qemu-utils:arm64

  qemu (1:3.1+dfsg-8+deb10u5) buster-security; urgency=medium

    * display-bochs-fix-pcie-support-CVE-2019-15034.patch
      Fix possible buffer overflow in BOCHS display PCI config space
      Closes: CVE-2019-15034
    * vnc-fix-memory-leak-when-vnc-disconnect-CVE-2019-20382.patch
      Fix misuse of libz in VNC disconnect, leading to memory leak
      Closes: CVE-2019-20382
    * scsi-lsi-exit-infinite-loop-while-executing-script-CVE-2019-12068.patch
      Fix possible infinite loop in lsi_execute_script (LSI SCSI adapter)
      Closes: CVE-2019-12068
    * iscsi-fix-heap-buffer-overflow-in-iscsi_aio_ioctl_cb.patch
      Fix heap buffer overflow in iSCSI's iscsi_aio_ioctl_cb()
    * slirp-fix-use-afte-free-in-ip_reass-CVE-2020-1983.patch
      Fix another use-after-free in ip_reass() in SLIRP code
      Closes: CVE-2020-1983

  Source linux-signed-amd64, binaries: linux-image-4.19.0-8-cloud-amd64:amd64

  linux-signed-amd64 (4.19.98+1+deb10u1) buster-security; urgency=high

    * Sign kernel from linux 4.19.98-1+deb10u1
    * [x86] KVM: nVMX: Don't emulate instructions in guest mode (CVE-2020-2732)
    * do_last(): fetch directory ->i_mode and ->i_uid before it's too late (CVE-2020-8428)
    * vfs: fix do_last() regression
    * vhost: Check socket sk_family instead of call getname (CVE-2020-10942)
    * mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (CVE-2020-11565)
    * [s390x] mm: fix page table upgrade vs 2ndary address mode accesses (CVE-2020-11884)

 -- Steve McIntyre <93sam@debian.org>  Wed, 29 Apr 2020 16:34:52 +0100

10.3.4-20200429

Updates in 1 source package(s), 4 binary package(s):

  Source openssl, binaries: libssl1.1:amd64 openssl:amd64 libssl1.1:arm64 openssl:arm64

  openssl (1.1.1d-0+deb10u3) buster-security; urgency=medium

    * CVE-2020-1967 (Segmentation fault in SSL_check_chain).

 -- Steve McIntyre <93sam@debian.org>  Fri, 24 Apr 2020 17:44:13 +0100

10.3.2-20200406

Updates in 1 source package(s), 2 binary package(s):

  Source gnutls28, binaries: libgnutls30:amd64 libgnutls30:arm64

  gnutls28 (3.6.7-4+deb10u3) buster-security; urgency=high

    * Non-maintainer upload by the Security Team.
    * GNUTLS-SA-2020-03-31: dtls client hello: fix zeroed random (CVE-2020-11501)
      Fix a DTLS-protocol regression (caused by TLS1.3 support), since 3.6.3.
      The DTLS client would not contribute any randomness to the DTLS
      negotiation, breaking the security guarantees of the DTLS protocol.
      (Closes: #955556)

 -- Steve McIntyre <93sam@debian.org>  Tue, 07 Mar 2020 12:16:40 +0100

10.3.1-20200328

Updates in 1 source package(s), 2 binary package(s):

  Source icu, binaries: libicu63:amd64 libicu63:arm64

  icu (63.1-6+deb10u1) buster-security; urgency=high

    * Backport upstream security fix for CVE-2020-10531: SEGV_MAPERR in
      UnicodeString::doAppend() (closes: #953747).

 -- Steve McIntyre <93sam@debian.org>  Sun, 29 Mar 2020 15:35:46 +0100

10.3.0

First build for 10.3.0 release

 -- Steve McIntyre <93sam@debian.org>  Sun, 09 Feb 2020 01:31:43 +0000